security: implement user lockout (#1552)

* add data-types required for login security * implement user lockout checking at login * cleanup legacy patterns * expose passwords in test_user * test user lockout after bad attempts * test user service * bump alembic version * save increment to database * add locked_at to datetime transformer on import * do proper test cleanup * implement scheduled task * spelling * document env variables * implement context manager for session * use context manager * implement reset script * cleanup generator * run generator * implement API endpoint for resetting locked users * add button to reset all locked users * add info when account is locked * use ignore instead of expect-error
2025-12-05 18:05:15 -05:00 · 2022-08-13 13:18:12 -08:00
parent ca64584fd1
commit b3c41a4bd0
35 changed files with 450 additions and 46 deletions
--- a/mealie/scripts/reset_locked_users.py
+++ b/mealie/scripts/reset_locked_users.py
@@ -0,0 +1,34 @@
+from mealie.core import root_logger
+from mealie.db.db_setup import with_session
+from mealie.repos.repository_factory import AllRepositories
+from mealie.services.user_services.user_service import UserService
+
+
+def main():
+    confirmed = input("Are you sure you want to reset all locked users? (y/n) ")
+
+    if confirmed != "y":
+        print("aborting")  # noqa
+        exit(0)
+
+    logger = root_logger.get_logger()
+
+    with with_session() as session:
+        repos = AllRepositories(session)
+        user_service = UserService(repos)
+
+        locked_users = user_service.get_locked_users()
+
+        if not locked_users:
+            logger.error("no locked users found")
+
+        for user in locked_users:
+            logger.info(f"unlocking user {user.username}")
+            user_service.unlock_user(user)
+
+    input("press enter to exit ")
+    exit(0)
+
+
+if __name__ == "__main__":
+    main()